[rt-users] ldap auth succeeds but autocreate fails

Kostas Voulgaris voulgaris at ceid.upatras.gr
Fri Mar 7 08:59:52 EST 2008


Problem solved! You should never map the user id to an LDAP attribute!
I wanted my RT users to have the same id as their unix accounts. I
don't think this was documented anywhere.

Kostas Voulgaris.

On Thu, 2008-03-06 at 19:45 +0200, Kostas Voulgaris wrote:
> Hi,
> 
> I'm trying to set up RT to auto-create LDAP-authenticated users.
> Authentication from LDAP works, all user attributes are mapped correctly
> but new user creation fails. I've followed the guide in the wiki.
> 
> here is my rt ldap configuration:
> 
> Set($AuthMethods, ['LDAP', 'Internal']);
> Set($LdapExternalAuth, 1);
> Set($LdapExternalInfo, 1);
> Set($LdapAutoCreateNonLdapUsers, 1);
> Set($LdapAttrMap, {'Name' => 'uid', 
>                    'EmailAddress' => 'mail', 
>                    'RealName' => 'cn', 
>                    'ExternalContactInfoId' => 'dn', 
>                    'ExternalAuthId' => 'uid', 
>                    'Gecos' => 'gecos',
>                    'Comments' => 'gidNumber',
>                    'id' => 'uidNumber'
>                    }
> );
> Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
>                            'EmailAddress', 'RealName']
> );
> Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress', 
>                               'mailAlternateAddress']
> );
> Set($LdapEmailAttrMatchPrefix, [''] );
> Set($LdapServer, 'void');
> Set($LdapBase, 'ou=people,dc=ceid,dc=upatras,dc=gr');
> Set($LdapFilter, '(objectclass=*)');
> Set($LdapDisableFilter, '(employmentStatus=Terminated)');
> Set($LdapTLS, 1);
> Set($LdapSSLVersion, 3);
> 
> a sample ldap user request
> 
> # ldapsearch -vx -h void -b "dc=ceid, dc=upatras, dc=gr" "(uid=voulgaris)"
> ldap_initialize( ldap://void )
> filter: (uid=voulgaris)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ceid, dc=upatras, dc=gr> with scope subtree
> # filter: (uid=voulgaris)
> # requesting: ALL
> #
> 
> # voulgaris, people, ceid.upatras.gr
> dn: uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr
> uid: voulgaris
> cn: Kon/nos Voulgaris
> sn: Voulgaris
> uidNumber: 3866
> gidNumber: 2005
> gecos: Kon/nos Voulgaris
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: radiusprofile
> loginShell: /bin/bash
> mail: voulgaris at ceid.upatras.gr
> shadowMin: -1
> shadowMax: 99999
> shadowWarning: -1
> shadowInactive: -1
> shadowExpire: -1
> shadowFlag: -1
> dialupAccess: yes
> homeDirectory: /home/voulgaris
> shadowLastChange: 13805
> userPassword: {not shown}
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> and my rt log entries.
> 
> [Thu Mar  6 15:26:05 2008] [warning]: Use of uninitialized value in
> numeric eq (==) at /usr/share/request-tracker3.6/lib/RT/User_Overlay.pm
> line 1787. (/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1787)
> [Thu Mar  6 15:26:05 2008] [warning]: Use of uninitialized value in
> numeric eq (==) at /usr/share/request-tracker3.6/lib/RT/User_Overlay.pm
> line 1787. (/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:1787)
> 
> #this may be the root of the problem.
> [Thu Mar  6 15:26:05 2008] [warning]: Transaction->Create couldn't, as
> you didn't specify an object type and id
> (/usr/share/request-tracker3.6/lib/RT/Record.pm:1466)
> 
> #ldap authentication succeeds
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::IsLDAPPassword AUTH OK:
> voulgaris (uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr)
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:224)
> 
> #attributes map correctly
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::LookupExternalUserInfo :
> ou=people,dc=ceid,dc=upatras,dc=gr uid=voulgaris =>  Comments: 2005,
> EmailAddress: voulgaris at ceid.upatras.gr, ExternalAuthId: voulgaris,
> ExternalContactInfoId: uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr,
> Gecos: Kon/nos Voulgaris, Name: voulgaris, RealName: Kon/nos Voulgaris,
> id: 3866 (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:569)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::LookupExternalUserInfo :
> ou=people,dc=ceid,dc=upatras,dc=gr mail=voulgaris at ceid.upatras.gr =>
> Comments: 2005, EmailAddress: voulgaris at ceid.upatras.gr, ExternalAuthId:
> voulgaris, ExternalContactInfoId:
> uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr, Gecos: Kon/nos
> Voulgaris, Name: voulgaris, RealName: Kon/nos Voulgaris, id: 3866
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:569)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::CanonicalizeEmailAddress
> voulgaris at ceid.upatras.gr =>  voulgaris at ceid.upatras.gr
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:347)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::CanonicalizeUserInfo
> returning Comments: 2005, Disabled: 0, EmailAddress:
> voulgaris at ceid.upatras.gr, ExternalAuthId: voulgaris,
> ExternalContactInfoId: uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr,
> Gecos: Kon/nos Voulgaris, Name: voulgaris, Privileged: 0, RealName:
> Kon/nos Voulgaris, id: 3866
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:413)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::LookupExternalUserInfo :
> ou=people,dc=ceid,dc=upatras,dc=gr mail=voulgaris at ceid.upatras.gr =>
> Comments: 2005, EmailAddress: voulgaris at ceid.upatras.gr, ExternalAuthId:
> voulgaris, ExternalContactInfoId:
> uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr, Gecos: Kon/nos
> Voulgaris, Name: voulgaris, RealName: Kon/nos Voulgaris, id: 3866
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:569)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::CanonicalizeEmailAddress
> voulgaris at ceid.upatras.gr =>  voulgaris at ceid.upatras.gr
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:347)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::LookupExternalUserInfo :
> ou=people,dc=ceid,dc=upatras,dc=gr mail=voulgaris at ceid.upatras.gr =>
> Comments: 2005, EmailAddress: voulgaris at ceid.upatras.gr, ExternalAuthId:
> voulgaris, ExternalContactInfoId:
> uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr, Gecos: Kon/nos
> Voulgaris, Name: voulgaris, RealName: Kon/nos Voulgaris, id: 3866
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:569)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::CanonicalizeEmailAddress
> voulgaris at ceid.upatras.gr =>  voulgaris at ceid.upatras.gr
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:347)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::LookupExternalUserInfo :
> ou=people,dc=ceid,dc=upatras,dc=gr mail=voulgaris at ceid.upatras.gr =>
> Comments: 2005, EmailAddress: voulgaris at ceid.upatras.gr, ExternalAuthId:
> voulgaris, ExternalContactInfoId:
> uid=voulgaris,ou=people,dc=ceid,dc=upatras,dc=gr, Gecos: Kon/nos
> Voulgaris, Name: voulgaris, RealName: Kon/nos Voulgaris, id: 3866
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:569)
> [Thu Mar  6 15:26:05 2008] [info]: RT::User::CanonicalizeEmailAddress
> voulgaris at ceid.upatras.gr =>  voulgaris at ceid.upatras.gr
> (/usr/share/request-tracker3.6/lib/RT/User_Local.pm:347)
> 
> #some warnings. can't figure out where the problem is.
> [Thu Mar  6 15:26:06 2008] [warning]: Use of uninitialized value in
> concatenation (.) or string
> at /usr/share/request-tracker3.6/lib/RT/Group_Overlay.pm line 566.
> (/usr/share/request-tracker3.6/lib/RT/Group_Overlay.pm:566)
> [Thu Mar  6 15:26:06 2008] [warning]: Use of uninitialized value in
> concatenation (.) or string
> at /usr/share/request-tracker3.6/lib/RT/Group_Overlay.pm line 566.
> (/usr/share/request-tracker3.6/lib/RT/Group_Overlay.pm:566)
> 
> #two critical errors. don't know why
> [Thu Mar  6 15:26:06 2008] [crit]: Could not add user to Everyone group
> on user creation.
> (/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:293)
> [Thu Mar  6 15:26:06 2008] [crit]: Couldn't find that principal
> (/usr/share/request-tracker3.6/lib/RT/User_Overlay.pm:294)
> 
> #autocreate seems ok
> [Thu Mar  6 15:26:06 2008] [info]: Autocreated authenticated user
> voulgaris (3866)
> (/usr/local/share/request-tracker3.6/html/Callbacks/LDAP/autohandler/Auth:23)
> 
> #but no user is created and login fails
> [Thu Mar  6 15:26:06 2008] [error]: FAILED LOGIN for voulgaris from
> 150.140.140.18 (/usr/share/request-tracker3.6/html/autohandler:238)
> 
> my rt installation works flawlessly without ldap authentication. my
> system info
> 
> Debian Etch i386
> rt 3.6.1 (from debian repository)
> Apache 1.3.34
> mysql  Ver 14.12 Distrib 5.0.32
> perl 5.8.8
> 
> Thank you in advance,
> Kostas Voulgaris
> 
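
A small check for the mistake resolved in this thread, as an added example (not code from the poster or from RT): it flags entries in `$LdapAttrMap` that map a directory attribute onto a field RT manages itself and prints the map without them. Only `id` comes from the thread; the `Privileged` entry in the reserved list and the helper name `audit_attr_map` are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# $LdapAttrMap exactly as posted in the thread.
my %posted_map = (
    Name                  => 'uid',
    EmailAddress          => 'mail',
    RealName              => 'cn',
    ExternalContactInfoId => 'dn',
    ExternalAuthId        => 'uid',
    Gecos                 => 'gecos',
    Comments              => 'gidNumber',
    id                    => 'uidNumber',
);

# Fields the directory should not supply (keys lower-cased for matching).
# 'id' is the one this thread identifies; 'privileged' is an assumption
# added for illustration.
my %reserved = (
    id         => 'RT record id, assigned by RT on create',
    privileged => 'authorization flag, not directory data',
);

# Split a map into a safe copy and a list of findings.
sub audit_attr_map {
    my ($map) = @_;
    my (%clean, @findings);
    for my $field (sort keys %$map) {
        if (my $why = $reserved{ lc $field }) {
            push @findings, "$field => '$map->{$field}' ($why)";
        }
        else {
            $clean{$field} = $map->{$field};
        }
    }
    return (\%clean, \@findings);
}

my ($clean, $findings) = audit_attr_map(\%posted_map);
print "REMOVE: $_\n" for @$findings;

# Emit the map in RT_SiteConfig.pm form without the flagged entries.
print "Set(\$LdapAttrMap, {\n";
printf "    '%s' => '%s',\n", $_, $clean->{$_} for sort keys %$clean;
print "});\n";
```

With `id` taken from `uidNumber`, the log above reports the user as autocreated with id 3866 while the group step fails with "Couldn't find that principal".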